P
Pat
CURRENT THREAT W32/Zafi.d@MM
Medium Risk
Current VirusScan users with DAT 4414 are protected from this threat.
What Is It?
Offering a fake holiday greeting, W32/Zafi.d@MM is a Medium Risk
mass-mailing worm that arrives as an email attachment. When run, the worm
displays a fake error message (Error in packed file!), infects the host
computer and emails itself to stolen email addresses using the infected
computer's Internet connection.
Like previous variants, the worm sends itself in different languages
depending on the recipient's address. For example, a .COM mail address
receives an English message, a .DE mail address receives German.
What should I look for?
a.. FROM: Varies (forged addresses taken from infected system)
a.. SUBJECT: Example: Fw: Merry Christmas!
a.. BODY: Example: Happy Hollydays!
a.. ATTACHMENT: Example: postcard.php8583.zip
How do I know if I've been infected?
Fake error message displayed. Alerts from a desktop firewall (if installed)
that a new application is asking for Internet access. TCP port 8181 open on
the infected system
Medium Risk
Current VirusScan users with DAT 4414 are protected from this threat.
What Is It?
Offering a fake holiday greeting, W32/Zafi.d@MM is a Medium Risk
mass-mailing worm that arrives as an email attachment. When run, the worm
displays a fake error message (Error in packed file!), infects the host
computer and emails itself to stolen email addresses using the infected
computer's Internet connection.
Like previous variants, the worm sends itself in different languages
depending on the recipient's address. For example, a .COM mail address
receives an English message, a .DE mail address receives German.
What should I look for?
a.. FROM: Varies (forged addresses taken from infected system)
a.. SUBJECT: Example: Fw: Merry Christmas!
a.. BODY: Example: Happy Hollydays!
a.. ATTACHMENT: Example: postcard.php8583.zip
How do I know if I've been infected?
Fake error message displayed. Alerts from a desktop firewall (if installed)
that a new application is asking for Internet access. TCP port 8181 open on
the infected system